[25.04 FEAT] libzpc: support protected key derived from Secure Execution retrievable secrets

Bug #2097545 reported by bugproxy
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Ubuntu on IBM z Systems | Fix Released | High | Skipper Bug Screeners | |
| libzpc (Ubuntu) | Fix Released | High | Alexandre Erwin Ittner | |

Bug Description

Feature Description:

Extend libzpc to support a new key class: SecEx retrievable keys that can be retrieved from the ultravisor as protected keys.
So instead of a secret key object, the keys of this new key class need a reference to the respective secret identifier to obtain the corresponding protected key.

bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2025-02-06 08:34 EDT-------
This item requires patches on top of libzpc v1.2.0

We already have a pull request for this item open, but are still reviewing.
We are trying to get this upstream in the next couple of days.

tags: added: architecture-s39064 bugnameltc-211296 severity-high targetmilestone-inin2504
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes) wrote :

Thanks for the update.
I'm seeing a lot of patches that are in master on top of 1.2.0
(https://github.com/opencryptoki/libzpc/commits)
so would it be possible to tag a new version that we can more easily upgrade to?

affects: linux (Ubuntu) → libzpc (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
importance: Undecided → High
Changed in libzpc (Ubuntu):
importance: Undecided → High
Changed in ubuntu-z-systems:
status: New → Incomplete
Changed in libzpc (Ubuntu):
status: New → Incomplete
Frank Heimes (fheimes) wrote :

Looks like we are close to a new version 1.3.0:
https://github.com/opencryptoki/libzpc/pull/21

Frank Heimes (fheimes) wrote :
Changed in ubuntu-z-systems:
status: Incomplete → Triaged
Changed in libzpc (Ubuntu):
status: Incomplete → Triaged
assignee: Skipper Bug Screeners (skipper-screen-team) → Alexandre Erwin Ittner (aittner)
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2025-02-10 05:45 EDT-------
This feature has been included in the brand new libzpc v1.3.0 which was released last week.
Can you please do a version bump to v1.3.0 to get the feature into Plucky?
Thanks

Frank Heimes (fheimes) wrote :

Thx Boris - yes, we plan to bump the version to latest.

Frank Heimes (fheimes)
Changed in libzpc (Ubuntu):
status: Triaged → In Progress
Changed in ubuntu-z-systems:
status: Triaged → In Progress
Alexandre Erwin Ittner (aittner) wrote :

debdiff attached with the version bump and an upgraded Standards-Version (to 4.7.0). A full package is also available from this PPA https://launchpad.net/~aittner/+archive/ubuntu/lp2097545-plucky2

lintian shows no warnings. No changes to symbols needed.

information type: Private → Public
Dan Bungert (dbungert) wrote :

Reviewed for sponsorship purposes.

I request that `update-maintainer` be run on the package for the next upload. https://wiki.ubuntu.com/DebianMaintainerField has details. Not a big deal in this case as it lists Frank as the maintainer, but still a good convention that I'd like you to follow.

Please regenerate the diff with that change and I'll be happy to upload.

Alexandre Erwin Ittner (aittner) wrote :

Thanks @dbungert ! I'm sending a new debdiff with the changes.

Dan Bungert (dbungert) wrote :

Uploaded

Changed in libzpc (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libzpc - 1.3.0-0ubuntu1

---------------
libzpc (1.3.0-0ubuntu1) plucky; urgency=medium

  * New upstream release (LP: #2097545)
  * d/control: upgrade Standards-Version from 4.6.2 to 4.7.0.
  * d/control: Update Maintainer field to "Ubuntu Developers".

 -- Alexandre Erwin Ittner <email address hidden> Fri, 14 Feb 2025 16:52:54 +0000

Changed in libzpc (Ubuntu):
status: Fix Committed → Fix Released
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: In Progress → Fix Released